Apple's testimony in court about malware being a problem on the Mac because the user can install anything they want, but not on iOS is disingenuous. The restrictions don't stop malicious code.

Apple's review process is so backlogged that legitimate and popular apps can barely push bugtix updates and know they'll be running on devices out there within two months.

Epic itself showed how easy it is to slip some dormant code past Apple that gets triggered later only under some conditions.

Once code runs, at all, it only needs to be aware of issues that gain it a deeper access to the OS and exploit that and you've got yourself a rootkit that Apple can't even fix once they know about it.